Complying with the California Privacy Rights Act (CPRA)

4 minute read. Learn the basics of the California Privacy Rights Act (CPRA) and how it impacts your business.

‍

In this article, we provide information that can help business owners successfully navigate the California Privacy Rights Act (CPRA).

To protect consumer privacy, California has introduced legislation, the California Consumer Privacy Act (CCPA), that defines how companies can gather, use, store, and manage customer data. In 2023, California will amend the CCPA with the CPRA.

It doesn’t matter where your business is located-–the CPRA applies to your company if your customers reside in California. If you fail to comply with CPRA regulations, you may face expensive financial penalties and possible damage to your reputation. But there are solutions that simplify compliance.

Protecting Consumer Privacy

The CPRA defines the rights that consumers, also known as data subjects, have to review, access, delete, manage, and update their data. Taking effect in January 2023, the CPRA expands on the CCPA of 2020. Under CPRA, consumers, as well as employees and business contacts, have the right to:

1. Be informed about the personal data held by a company
2. Access their personal data
3. Delete their personal data
4. Correct their personal data
5. Opt-out of the sale and sharing of personal data
6. Limit the disclosure of sensitive data

The CPRA applies to firms that:

• Earned $25 million in annual gross revenues as of January 1 of the preceding calendar year.
• Sell, buy, or share the personal information of 100,000 California households or consumers.
• Derive 50 percent or more of its revenues from sharing or selling personal information.

The following types of entities will also be subject to the CPRA:

1. Joint ventures or partnerships in which each business has at least 40% interest — each business in this relationship will be considered a single separate business.
2. Commonly controlled entities, which are entities that:

• Controlled or control a covered business
• Share common branding with the business
• Have access to the personal information of the covered business’s consumers

Additionally, any business that wants to comply with the CPRA, even if it doesn’t fall under the thresholds above.

The CPRA establishes the California Privacy Protection Agency (CPPA), which has the authority to enforce, regulate, and implement the CPRA through the Administrative Law Court. Unlike the state court system, which currently enforces the CCPA, the Administrative Law Court provides independent hearings that are more informal and transparent.

Satisfying the California Privacy Rights Act

To cost-effectively ensure they are complying with CPRA, businesses will have to manage and track consumers’ requests to opt-out, review, access, delete, and obtain their data.

Business owners and leaders need a system for tracking consumer requests to opt-out, review, access, delete, and obtain their data. Without an accurate system for tracking the status of each request, business owners risk costly penalties and damage to their reputations.

To strengthen and enhance customer loyalty, PrivacyCare offers a system that features:

1. Customizable data-subject-request (DSR) forms that consumers can use to initiate their data request.
2. Consumer authentication.
3. A flexible record-keeping system that can support any DSR process, helping businesses comply with multi-state data privacy laws.
4. A database of the DSRs and their status.
5. A cost-effective solution that avoids unnecessary upgrades involving data analytics, data management, and data security functions.
6. A SaaS platform that eliminates the need for businesses to purchase and manage hardware or software.
7. Up-to-date with latest changes to data privacy laws across the U.S.

‍

Start building your CPRA consumer content program for free with PrivacyCare today.

‍